OMB Focuses On Cybersecurity

By Bruce Levinson

Ensuring federal cybersecurity is essential to protecting national security. According to some media reports, recommendations have been made to the Bush Administration to "create a distinct administrative cybersecurity position within the Homeland Security Department to oversee progress in the federal government and act as a liaison with private industry." However, before new bureaucracy is created, it is important to recognize the practical cybersecurity policies and projects that are already being undertaken by the Administration.

Of particular importance, the White House Office of Management and Budget (OMB) is requiring all federal agencies to factor cybersecurity costs into their budget requests and to only undertake information technology projects that adequately address cybersecurity.

Karen Evans, Administrator of OMB's Office of E-Government and Information Technology, was recently quoted as saying, "Cybersecurity costs are expected to be factored into all agency budget requests. It's a matter the administration takes seriously enough that the Office of Management and Budget suggests agencies without adequate plans to improve cybersecurity shouldn't move to any new IT projects until cybersecurity is addressed."

Every federal agency has one or more roles to play in promoting cybersecurity. For some agencies, their primary cybersecurity goal will be to protect the agency's IT components. Other agencies, including OMB, will also have broader missions with regard to cybersecurity. Ensuring that all of these various cybersecurity functions are performed properly is clearly an Administration priority.

In addition to the federal government, all other stakeholders including industry, State and local governments, and international organizations will also need to take pro-active measures to enhance cybersecurity. ICANN's draft Strategic Plan appropriately lists internet security and stability as their first strategic priority. Of course, no single entity, policy or technology can protect IT security. However, ensuring appropriate technical management of the internet needs to be an integral component of any comprehensive plan for promoting cybersecurity.

By Bruce Levinson, SVP, Regulatory Intervention - Center for Regulatory Effectiveness

Related topics: Cybersecurity, DNS, ICANN